[Dnsmasq-discuss] coping with ipv6 source routing and dns

Simon Kelley simon at thekelleys.org.uk
Thu Jan 30 09:57:03 GMT 2014


On 29/01/14 19:22, Dave Taht wrote:
> I have been (mostly) happily fiddling with my new comcast ipv6 connection,
> trying to route all dns queries over ipv6 in particular, by disabling
> requesting the ipv4 dns addrs and relying on the dhcpv6 request to
> succeed.
>
> config interface eth0
>          option 'ifname' 'eth0'
>          option 'proto'  'dhcp'
>          option 'peerdns' '0'
>
> config interface wan6
>          option ifname   @eth0
>          option proto    dhcpv6
>          option 'broadcast' '1'
>          option 'metric' '2048'
>
> works. yea! no more nat holes for ipv4 dns.
>
> Problem is, I also have a hurricane electric tunnel. When I try to use
> both, addresses from one get used on the other and dns forward
> lookups fail.
>
> I think the right answer is to abandon resolv.conf.auto
> and instead explicitly assign ipv6 source addrs in dnsmasq...
>
> server=2001:558:feed::1@AAAA:comcast:assigned:ipv6:address
> server=2001:558:feed::2@AAAA:comcast.assigned:ipv6:address
> server=2001:470:20::2@my:hurricane:assigned:ipv6:address
>
> yes? (I'll be trying this in a bit)
>
> One thing of possible useful note is that (yea!) we can just
> select some arbitrary new ipv6 address within the assigned range,
> add it to the local dnsmasq server box, and source dns lookups from
> that, using up just that port space.
>
> then my own /etc/resolv.conf just points to localhost
> for hm.armory.com,
>
> so I fix that with
>
> server=/hm.armory.com/172.26.3.1/
> server=/wifi.armory.com/172.26.2.1/
>
> But this doesn't help in terms of reverse lookups (I think),
> where I might or might not have my own delegated subdomain.
>
> from
>
> someoption=
> comcast.assigned.ipv6.address.range/60 lookup via 2001:558:feed::1 or ::2
> someoption=
> he.assigned.ipv6.address.range/48 lookup via 2001:470:20::2
>

I'm not sure I follow all of this, but for reverse DNS something like

server=/<hex, lots of hex>.ip6.arpa/2001:558:feed::1

will work.
> ?
>
> and then there's splitting dns... where I might want nuc.hm.armory.com
> AAAAs available to the outside universe. somehow.

Have you looked at the dnsmasq auth stuff for this?



Simon.

>
> ?
>
>
> My brain hurts.
>
>
>
>
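
Added example, not part of the original thread and not dnsmasq's own code: a sketch that derives the "lots of hex" ip6.arpa zone name for a delegated prefix and emits the matching per-zone server= lines, so reverse lookups for each range go to that provider's resolver. The 2001:db8 prefixes and source addresses are constructed placeholders; the upstream resolvers are the ones quoted in the thread, and the optional @source suffix is dnsmasq's documented server= syntax.

```python
import ipaddress


def ip6_arpa_zones(prefix):
    """Return the ip6.arpa zone name(s) covering an IPv6 prefix.

    A nibble-aligned prefix (/48, /60, ...) maps to exactly one zone. Any
    other length has no single zone, so it is split into the enclosed
    nibble-aligned subnets (at most 8), one zone each.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects host bits set
    nibbles = -(-net.prefixlen // 4)                  # round up to hex digits
    zones = []
    for sub in net.subnets(new_prefix=nibbles * 4):
        digits = sub.network_address.exploded.replace(":", "")[:nibbles]
        # Reverse DNS for IPv6 is one label per hex digit, least significant first.
        zones.append(".".join(list(reversed(digits)) + ["ip6", "arpa"]))
    return zones


def dnsmasq_reverse_servers(prefix, upstream, source=None):
    """Build dnsmasq server= lines sending PTR queries for prefix to upstream.

    source, if given, is appended as @source so the query leaves from an
    address belonging to the same provider as the upstream resolver.
    """
    target = upstream if source is None else f"{upstream}@{source}"
    return [f"server=/{zone}/{target}" for zone in ip6_arpa_zones(prefix)]


if __name__ == "__main__":
    # Constructed sample delegations (documentation prefix 2001:db8::/32).
    delegations = [
        ("2001:db8:0:10::/60", "2001:558:feed::1", "2001:db8:0:10::53"),
        ("2001:db8:abcd::/48", "2001:470:20::2", "2001:db8:abcd::53"),
    ]
    for prefix, upstream, source in delegations:
        for line in dnsmasq_reverse_servers(prefix, upstream, source):
            print(line)
```
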



